Need some advice on learning networking

  • BillyCarpenter
    Field Supervisor

    Site Contributor
    VIP Subscriber
    10,000+ Posts
    • Aug 2020
    • 16308

    #856
    Re: Need some advice on learning networking

    Originally posted by rthonpm
    The way you get it to work is to remove inheritance from any subfolder you create and then grant NTFS permissions as needed. You're correct that the minimum permission to see a folder is Read, but that goes for any folder in any OS. You can also get more detailed down to the level of allowing people to modify the contents of a folder, but not the folder itself. I've had to do this in the past when a customer kept trying to move a folder in the root of the share inside another one, essentially cutting off access to it for others who didn't have access to the folder it was moved to.

    Here's the setup I did recently for a company for scan to folder (to keep it in the copier world):

    Shared folder: Scans. Shared as Read to all domain users.

    Subfolders:

    Bob
    Chris
    Mark
    Michelle
    Neil
    Pete
    Sandra
    Sharon
    Tammy

    Each folder had NTFS inheritance removed and were permissioned so that only two accounts had permissions to each folder. The user has Modify permissions, and the AD account used for scanning has Read/Write.

    Never under any circumstances give a standard user account Full Control as this allows for changing the permissions on contents. Nothing like trying to rebuild permissions on huge folders because of a disgruntled employee.

    Sent from my BlackBerry using Tapatalk

    You kind of lost me when you said to remove the inheritance from the subfolders. I'm gonna have to think about that for a minute.


    Here's the way I did it.

    I created a folder and named it "datashare".

    I removed the inheritance from that shared folder. I then removed "users" from permissions. I then added the users that I wanted to have permission to this share but I only granted them permission to "this folder only".

    In other words, the users will not be able to see any subfolders that I add to the share unless I grant them at least read permission.


    I probably did a terrible job of explaining it. Here's the video that I watched:


    Adversity temporarily visits a strong man but stays with the weak for a lifetime.


    • BillyCarpenter
      Field Supervisor

      Site Contributor
      VIP Subscriber
      10,000+ Posts
      • Aug 2020
      • 16308

      #857
      Re: Need some advice on learning networking

      By the way, rthonpm is MUCH more advanced than me when it comes to anything to do with Windows Server. I've learned a lot from him just now. He gave some great advice when he said this:




      Never under any circumstances give a standard user account Full Control as this allows for changing the permissions on contents. Nothing like trying to rebuild permissions on huge folders because of a disgruntled employee.

      This wouldn't have occurred to me because I lack experience in running into this scenario. But I will not forget this advice. Thanks.

      • rthonpm
        Field Supervisor

        2,500+ Posts
        • Aug 2007
        • 2847

        #858
        Re: Need some advice on learning networking

        Originally posted by BillyCarpenter
        You kind of lost me when you said to remove the inheritance from the subfolders. I'm gonna have to think about that for a minute.


        Here's the way I did it.

        I created a folder and named it "datashare".

        I removed the inheritance from that shared folder. I then removed "users" from permissions. I then added the users that I wanted to have permission to this share but I only granted them permission to "this folder only".

        In other words, the users will not be able to see any subfolders that I add to the share unless I grant them at least read permission.


        I probably did a terrible job of explaining it. Here's the video that I watched:


        You did it exactly as you should. You don't want any accounts or groups having access to the subfolders except Administrators, SYSTEM, and the groups/user(s) you want.

        The general breakdown for basic NTFS permissions is:

        Read: you can open and run anything in the folder, but you can't change anything.

        Read/Write: you can add new files or folders, but you can't delete anything.

        Modify: you can delete folders or files.

        Full Control: you control all security permissions.

        There is a more advanced set of permissions available, but unless you really know what you're doing it's best to stick with the basics.

        Sent from my BlackBerry using Tapatalk
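
The scan-to-folder permission layout discussed in the posts above, scripted in PowerShell as an added example (not code from any poster). The path `D:\Scans`, the domain `CONTOSO`, the `svc-scan` account and logon names equal to the folder names are assumptions; the share is assumed to exist already with share-level permissions that allow Change, because share and NTFS permissions are evaluated together and the more restrictive result applies.

```powershell
# Added example. Run in an elevated PowerShell session on the file server.
# Assumed values (not from the thread): path, domain, scan account name, and
# that each user's logon name equals the folder name.
$Root     = 'D:\Scans'
$Domain   = 'CONTOSO'
$ScanAcct = "$Domain\svc-scan"
$Users    = 'Bob','Chris','Mark','Michelle','Neil','Pete','Sandra','Sharon','Tammy'

function New-Rule {
    param(
        [string]$Identity,
        [System.Security.AccessControl.FileSystemRights]$Rights,
        # Default: applies to this folder, its subfolders and its files
        [System.Security.AccessControl.InheritanceFlags]$Flags = 'ContainerInherit, ObjectInherit'
    )
    New-Object System.Security.AccessControl.FileSystemAccessRule(
        $Identity, $Rights, $Flags, 'None', 'Allow')
}

function Set-ExplicitAcl([string]$Path, $Rules) {
    # Start from an empty ACL so nothing inherited or left over survives
    $acl = New-Object System.Security.AccessControl.DirectorySecurity
    $acl.SetAccessRuleProtection($true, $false)   # inheritance off, inherited ACEs dropped
    # Administrators own server-side folders, so they can always fix permissions
    $acl.SetOwner([System.Security.Principal.NTAccount]'BUILTIN\Administrators')
    foreach ($rule in $Rules) { $acl.AddAccessRule($rule) }
    Set-Acl -Path $Path -AclObject $acl
}

# Only Administrators and SYSTEM get Full Control anywhere in the tree
$AdminRules = @(
    (New-Rule 'BUILTIN\Administrators' 'FullControl'),
    (New-Rule 'NT AUTHORITY\SYSTEM'    'FullControl')
)

# Root: domain users may list it, but the ACE is "this folder only"
New-Item -ItemType Directory -Path $Root -Force | Out-Null
Set-ExplicitAcl $Root ($AdminRules + (New-Rule "$Domain\Domain Users" 'ReadAndExecute' 'None'))

# Subfolders: the owner gets Modify, the scan account Read/Write, nobody else
foreach ($name in $Users) {
    $path = Join-Path $Root $name
    New-Item -ItemType Directory -Path $path -Force | Out-Null
    Set-ExplicitAcl $path ($AdminRules + @(
        (New-Rule "$Domain\$name" 'Modify'),
        (New-Rule $ScanAcct       'Read, Write')
    ))
}

# Audit: inheritance must be off, and no identity other than
# Administrators/SYSTEM may hold Full Control
function Test-ScanFolderAcl([string]$Path) {
    $fc      = [System.Security.AccessControl.FileSystemRights]::FullControl
    $trusted = 'BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM'
    $acl     = Get-Acl -Path $Path
    $full = $acl.Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        ($_.FileSystemRights -band $fc) -eq $fc -and
        $trusted -notcontains $_.IdentityReference.Value
    }
    [pscustomobject]@{
        Path                 = $Path
        InheritanceOff       = $acl.AreAccessRulesProtected
        Owner                = $acl.Owner
        FullControlGrantedTo = ($full.IdentityReference.Value -join ', ')
    }
}

$Users | ForEach-Object { Test-ScanFolderAcl (Join-Path $Root $_) } | Format-Table -AutoSize
```

A clean result shows `InheritanceOff` as True and an empty `FullControlGrantedTo` column for every folder; the audit function can be re-run later against existing shares to find standard accounts that were given Full Control.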


        • slimslob
          Retired

          Site Contributor
          25,000+ Posts
          • May 2013
          • 37194

          #859
          Re: Need some advice on learning networking

          Originally posted by rthonpm
          You did it exactly as you should. You don't want any accounts or groups having access to the subfolders except Administrators, SYSTEM, and the groups/user(s) you want.

          The general breakdown for basic NTFS permissions is:

          Read: you can open and run anything in the folder, but you can't change anything.

          Read/Write: you can add new files or folders, but you can't delete anything.

          Modify: you can delete folders or files.

          Full Control: you control all security permissions.

          There is a more advanced set of permissions available, but unless you really know what you're doing it's best to stick with the basics.

          Sent from my BlackBerry using Tapatalk
          And depending on the security settings, even if you are logged in as the administrator, you may not be able to change the permissions if the folder was created by a user unless you first take ownership of the folder.


          • rthonpm
            Field Supervisor

            2,500+ Posts
            • Aug 2007
            • 2847

            #860
            Re: Need some advice on learning networking

            Generally, to ensure that Administrators always have full permissions, they should be set as the owner for all server-side folders.

            The other issue comes when UAC is enabled on a server since it means that the file explorer isn't running with admin permissions and will throw all kinds of errors for permissions even when using an administrator account to access a folder. To get around this, it's easier to edit the share when mapped from a separate workstation as opposed to the server itself. Most of our installs are Server Core anyway so there's not many reasons to even log into the server directly.

            Sent from my BlackBerry using Tapatalk


            • BillyCarpenter
              Field Supervisor

              Site Contributor
              VIP Subscriber
              10,000+ Posts
              • Aug 2020
              • 16308

              #861
              Re: Need some advice on learning networking

              I've been working on something for the last few hours. I think I understand it. Here's the deal.


              In many office environments, the users aren't stationary...they move around. Thus they need to be able to log on to almost any PC and access their information. Logging on to any PC isn't a problem but when they do none of the files or info will be available to them. Here's the way I found to solve it. There may be a better way?


              The way I solved it is by using 'folder redirection'.

              Here's what I did:

              - Create a shared folder called: Folder Redirect
              I gave permission to only the needed users. The selected users have access to the shared folder but not the sub-folders unless it's their subfolder.

              - Created a GPO called: Folder Redirect GPO.
              This is a user based policy. Basically I redirected "My Doc" and "Desktop" to the network share that I created earlier.


              This accomplished 2 things:

              1. These users can log on to any PC, go to the shared folder and have access to their desktop & My Docs
              2. The Domain Admin can back up all the PC's from the server.


              Where did I go wrong and what did I do right?

              • rthonpm
                Field Supervisor

                2,500+ Posts
                • Aug 2007
                • 2847

                #862
                Re: Need some advice on learning networking

                Originally posted by BillyCarpenter
                I've been working on something for the last few hours. I think I understand it. Here's the deal.


                In many office environments, the users aren't stationary...they move around. Thus they need to be able to log on to almost any PC and access their information. Logging on to any PC isn't a problem but when they do none of the files or info will be available to them. Here's the way I found to solve it. There may be a better way?


                The way I solved it is by using 'folder redirection'.

                Here's what I did:

                - Create a shared folder called: Folder Redirect
                I gave permission to only the needed users. The selected users have access to the shared folder but not the sub-folders unless it's their subfolder.

                - Created a GPO called: Folder Redirect GPO.
                This is a user based policy. Basically I redirected "My Doc" and "Desktop" to the network share that I created earlier.


                This accomplished 2 things:

                1. These users can log on to any PC, go to the shared folder and have access to their desktop & My Docs
                2. The Domain Admin can back up all the PC's from the server.


                Where did I go wrong and what did I do right?
                For years I recommended this, but with Microsoft 365 pretty much a mature solution, we now do redirection to OneDrive. The standard is the Desktop, Documents, and Pictures all get redirected. From a cost standpoint, it's the cheapest one terabyte storage you'll find and it also allows for files to be accessible from mobile devices as well as PC's. The DLP (data loss prevention) features available to M365 admins are pretty strong. At this point, we only really build out internal file servers for large data files, data that doesn't need to be accessible outside of the office, or files that can't be read without specialty software. The only accounts we do folder redirection to servers for are specialty accounts that run equipment or other devices that output files. Since these don't have internet access or M365 accounts it's a good way to catch the data for server backups.

                Another advantage is the ability to share and collaborate on the same file at the same time with other people, which you can't do over SMB.

                My own company has moved all of our staff off home shares to OneDrive and most of our company data from SMB and SharePoint over to Teams. It's been the model we also try to adapt for most of our customers as well. It's been bumpy for a few of them, but once they get the logic of it down and build out their workflows it's been a much smoother process, especially since they don't need to worry about VPN issues or purchasing CALs for staff that are completely remote.

                Sent from my BlackBerry using Tapatalk


                • BillyCarpenter
                  Field Supervisor

                  Site Contributor
                  VIP Subscriber
                  10,000+ Posts
                  • Aug 2020
                  • 16308

                  #863
                  Re: Need some advice on learning networking

                  Originally posted by rthonpm
                  For years I recommended this, but with Microsoft 365 pretty much a mature solution, we now do redirection to OneDrive. The standard is the Desktop, Documents, and Pictures all get redirected. From a cost standpoint, it's the cheapest one terabyte storage you'll find and it also allows for files to be accessible from mobile devices as well as PC's. The DLP (data loss prevention) features available to M365 admins are pretty strong. At this point, we only really build out internal file servers for large data files, data that doesn't need to be accessible outside of the office, or files that can't be read without specialty software. The only accounts we do folder redirection to servers for are specialty accounts that run equipment or other devices that output files. Since these don't have internet access or M365 accounts it's a good way to catch the data for server backups.

                  Another advantage is the ability to share and collaborate on the same file at the same time with other people, which you can't do over SMB.

                  My own company has moved all of our staff off home shares to OneDrive and most of our company data from SMB and SharePoint over to Teams. It's been the model we also try to adapt for most of our customers as well. It's been bumpy for a few of them, but once they get the logic of it down and build out their workflows it's been a much smoother process, especially since they don't need to worry about VPN issues or purchasing CALs for staff that are completely remote.

                  Sent from my BlackBerry using Tapatalk

                  That's fantastic. Gotta learn how to set this up.

                  • BillyCarpenter
                    Field Supervisor

                    Site Contributor
                    VIP Subscriber
                    10,000+ Posts
                    • Aug 2020
                    • 16308

                    #864
                    Re: Need some advice on learning networking

                    I've got one foot in the Cisco world of routers & switches and the other foot in Windows Server. It's becoming information overload.


                    However, I did run up on something that sounds useful and very cool - Roaming Profiles.

                    It looks fairly simple to set up. Here's what it does: No matter what computer you log onto, all of your folders, files, etc., will be there. You'll even have the same background. Your "applications" will not follow you, however, so you'd have to install them.

                    I'm gonna get around to trying this out.

                    Anyone have any experience with roaming profiles?


                    PS - This is different from "Folder Redirection".

                    • rthonpm
                      Field Supervisor

                      2,500+ Posts
                      • Aug 2007
                      • 2847

                      #865
                      Re: Need some advice on learning networking

                      Originally posted by BillyCarpenter
                      I've got one foot in the Cisco world of routers & switches and the other foot in Windows Server. It's becoming information overload.


                      However, I did run up on something that sounds useful and very cool - Roaming Profiles.

                      It looks fairly simple to set up. Here's what it does: No matter what computer you log onto, all of your folders, files, etc., will be there. You'll even have the same background. Your "applications" will not follow you, however, so you'd have to install them.

                      I'm gonna get around to trying this out.

                      Anyone have any experience with roaming profiles?


                      PS - This is different from "Folder Redirection".
                      Roaming profiles: the bane of every sys admin's life that ever tried to use them.

                      Forget you ever even heard they were a thing and let roaming profiles live back in the early 2000's where they belong. They're server and storage intensive, easily breakable, and there are much better methods to accomplish the same thing.

                      It's like PST files: a solution for a problem that doesn't really exist any longer.

                      Sent from my BlackBerry using Tapatalk


                      • BillyCarpenter
                        Field Supervisor

                        Site Contributor
                        VIP Subscriber
                        10,000+ Posts
                        • Aug 2020
                        • 16308

                        #866
                        Re: Need some advice on learning networking

                        Originally posted by rthonpm
                        Roaming profiles: the bane of every sys admin's life that ever tried to use them.

                        Forget you ever even heard they were a thing and let roaming profiles live back in the early 2000's where they belong. They're server and storage intensive, easily breakable, and there are much better methods to accomplish the same thing.

                        It's like PST files: a solution for a problem that doesn't really exist any longer.

                        Sent from my BlackBerry using Tapatalk

                        That's good enough for me. Consider it forgotten.

                        • BillyCarpenter
                          Field Supervisor

                          Site Contributor
                          VIP Subscriber
                          10,000+ Posts
                          • Aug 2020
                          • 16308

                          #867
                          Re: Need some advice on learning networking

                          I need some guidance.


                          A customer of mine is running Windows Server 2016 and she told me that there was no internet service at the server. On the screen there was a yellow triangle with an exclamation point. I ran the network troubleshooter and it suggested that I reset the network and I clicked on "OK".

                          After a reboot there's now a red X by the network ICON. When I go to device manager, there's no network adapter present. I scanned for hardware changes and clicked on "show hidden devices". Nothing.

                          It appears that the network adaptor got deleted.


                          Where do I go from here?

                          • rthonpm
                            Field Supervisor

                            2,500+ Posts
                            • Aug 2007
                            • 2847

                            #868
                            Re: Need some advice on learning networking

                            From another machine, go to the manufacturer's site and download the network driver. Since there are possibly several network daughter cards, you may have to try several files to get to the right one.

                            If it's a Dell server, see if you can get network connectivity from the UEFI set up, which may also allow you to update the system firmware or troubleshoot the network cards.

                            Also check the logs to see if there were any System errors or other issues related to the network adapter.


                            Sent from my BlackBerry using Tapatalk


                            • BillyCarpenter
                              Field Supervisor

                              Site Contributor
                              VIP Subscriber
                              10,000+ Posts
                              • Aug 2020
                              • 16308

                              #869
                              Re: Need some advice on learning networking

                              This is a server that someone built. It has an ASRock Pro 4 motherboard. I went to their website and downloaded the Intel LAN driver for Windows 10. That's the only one I see. The machine is running Win. Server 2016. Anyway, it didn't work. I gotta get this fixed because they can't access the server and it's my fault.


                              • rthonpm
                                Field Supervisor

                                2,500+ Posts
                                • Aug 2007
                                • 2847

                                #870
                                Re: Need some advice on learning networking

                                That's probably the issue right there: building servers with consumer components is always going to end in trouble since you either end up with an underpowered system or hardware that the OS doesn't completely support.

                                Server 2016 is a variant of Windows 10, but the driver structure is slightly different. You may need to find an older driver to get it to play nicely with the OS.

                                You're in a world of hurt and without knowing just what components are in that server it's not going to be fun.

                                Sent from my BlackBerry using Tapatalk
